<?php

/*
	This file is part of Mandragon.

    Mandragon is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    Mandragon is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with Mandragon.  If not, see <http://www.gnu.org/licenses/>.
*/

global $no_menu;
$no_menu = 1;

class DeletePage {
	/**
	 * adds extra access checks, dependent on page state
	 */
	function page_inc_check_access($page) {
		check_access("READ");
		switch ($_GET['type']) {
			case "ALERT":
			case "REPLY":
				$ereg = "^[0-9]+(,[0-9]+)*$";
				break;
			case "ITEM":
				$ereg = "^[0-9]+$";
				break;
			default:
				errorpage(9);
		}
		if (!$_GET['ids'] or !ereg($ereg, $_GET['ids']))
			errorpage(9);
	}


	/**
	 * execute page logic
	 */
	function page_inc_execute($page) {
		$creator = new FormCreator();
		$CONTENT = array();
		
		switch($_GET['type']) { // check access: 
					// 	- check whether user has moderator rights AND 
					//	- check whether supplied ids belong in this directory
			case "REPLY":
				$CONTENT['title'] = "Reacties verwijderen";

				$sql = db_query_select(array(array(), 'dir_id, author'), array("(POST INNER JOIN ITEM_IN ON POST.item_id = ITEM_IN.item_id) INNER JOIN SUB_IN ON ITEM_IN.sub_id = SUB_IN.sub_id", "DUMMY"), "post_id IN ({$_GET['ids']}) AND ITEM_IN.item_id = {$page->id}");
				$sqlresult = db_do_query($page, $sql);
				$ok = 0;
				$owner = 0;
				if (ereg(",", $_GET['ids']))
					$owner--;
				while ($r = db_fetch_array($sqlresult)) {
					if ($r['dir_id'] == $page->directory_tree[$page->dir_depth-1]['dir_id'])
						$ok = 1;
					if ($r['author'] == $_SESSION['user_id'])
						$owner = 1;
				}
				if (!$ok)
					errorpage(11);
				if (!has_access("MODERATE") and !has_access("ADMIN") and !($owner > 0))
					errorpage(5);
				break;
			case "ITEM":
				$sql = db_query_select(array(array(), 'dir_id'), array("ITEM_IN INNER JOIN SUB_IN ON ITEM_IN.sub_id = SUB_IN.sub_id", "DUMMY"), "item_id IN ({$_GET['ids']})");
				$sqlresult = db_do_query($page, $sql);
				$ok = 0;
				while ($r = db_fetch_array($sqlresult)) {
					if ($r['dir_id'] == $page->directory_tree[$page->dir_depth-1]['dir_id'])
						$ok = 1;
				}
				if (!$ok)
					errorpage(11);
				if (!has_access("MODERATE") and !has_access("ADMIN"))
					errorpage(5);
				$sql = db_query_select(array(array('*')), array("ITEM"), "item_id = {$_GET['ids']}");
				$item = db_fetch_array(db_do_query($page, $sql));
				$CONTENT['title'] = "Een item verwijderen";
				break;
			case "ALERT":
				db_do_query($page, db_query_delete("ALERT", "user_id = {$_SESSION['user_id']} AND alert_id IN ({$_GET['ids']})"));
				endpage("OK, alerts verwijderd");
				break;
			default:
				die("unknown type");
		}

		if ($_POST['submitted']) {
			switch($_GET['type']) {
				case "REPLY":
					db_do_query($page, db_query_update(array('creation', 'edit', 'num_posts'), array('creation', 'edit', 'num_posts-' . (substr_count($_GET['ids'], ',')+1)), "ITEM", "item_id = {$page->id}"));
					$sql = db_query_update(array('creation', 'edit', 'deleted'), array('creation', 'edit', 1), "POST", "post_id IN ({$_GET['ids']})");
					break;
				case "ITEM":
					if ($_POST['sub_id']) {
						$sql = db_query_update(array('deleted'), array(1), "ITEM_IN", "item_id IN ({$_GET['ids']}) AND sub_id = {$_POST['sub_id']}");
					} else {
						db_do_query($page, db_query_update(array('deleted'), array(1), "ITEM_IN", "item_id IN ({$_GET['ids']})"));
						$sql = db_query_update(array('creation', 'edit', 'deleted'), array('creation', 'edit', 1), "ITEM", "item_id IN ({$_GET['ids']})");
					}
					break;
				default:
					die("unknown type");
			}
			db_do_query($page, $sql);
			add_log("gebruiker #{$_SESSION['user_id']} verwijderde volgende {$_GET['type']}s: {$_GET['ids']}");
			$CONTENT['body'] = "OK, deleted";
		} else {
			$inputs = array();
			switch ($_GET['type']) {
				case "REPLY":
					break;
				case "ITEM":
					$occurences = db_do_query($page, db_query_select(array(array(), "SUB_IN.*, DIRECTORY.menuname"), array("(ITEM_IN INNER JOIN SUB_IN ON ITEM_IN.sub_id = SUB_IN.sub_id) INNER JOIN DIRECTORY ON SUB_IN.dir_id = DIRECTORY.dir_id", "DUMMY"), "NOT ITEM_IN.deleted AND item_id IN ({$_GET['ids']})"));
					if (db_num_rows($occurences) > 1) {
						$ks = array();
						$vs = array();
						while ($occ = db_fetch_array($occurences)) {
							$dir = $occ['dir_id'];
							$v = "{$occ['menuname']} > " . ($occ['sub_title'] ? $occ['sub_title'] : "[naamloos]");
							$occarr[] = array('name' => $occ['sub_title'] ? $occ['sub_title'] : "[naamloos]", 'link' => "{$occ['sub_id']}.subset");
							$ks[] = $occ['sub_id'];
							$vs[] = $v;
						}
						$inputs[] = $creator->input_select("Verwijderen uit", "sub_id", $ks, $vs);
					}
					break;
				default:
					die("unknown type");
			}
			$buttons = array();
			$buttons[] = $creator->button('BUTTON', 'deletebutton', 'verwijderen', 0, "document.deleteform.submitted.value=1;document.deleteform.submit()");
			$CONTENT['form'] = $creator->create("deleteform", $inputs, "{$page->dir_path}/{$page->id}.delete?type={$_GET['type']}&ids={$_GET['ids']}", "POST", $buttons);
			if ($_GET['type'] == "ITEM")
				$CONTENT['body'] = "Deze actie verwijdert het item volledig. Om enkel de vermelding in deze directory te verwijderen, gebruik de verplaatsknop.";
		}

		$page->content = $CONTENT;
	}


	/**
	 * dress up page content using skin stuff
	 */
	function page_inc_dress($page) {
		if ($page->content['body'])
			print_body($page);
		if ($page->content['form'])
			print_form($page, $page->content['form']);
	}
}

?>
